Alex Siman

Security holes in PHP

What is your most annoying vulnerability in PHP?

Discussion (14)

J

WordPress 😛

Alex Siman Author

Despite all its vulnerabilities, WordPress's still the most popular web platform :)

dewbiez • Edited

WordPress has definitely made its history. And it's not terrible. But you shouldn't solely base it on popularity.

Just because there is a super popular person in school, doesn't make them a better person.

Sergey Kislyakov 🇷🇺 🇺🇸

AFAIK WordPress without a lot of plugins isn't that bad in terms of security.

bluebird

Race conditions. Also in many languages. :(

Vlastimil Pospichal

Some example? I have no problem with this.

bluebird • Edited

CVE-2017-16871. In fact, it is not common in PHP (Golang is more). It is hard to exploit and hard to find, but I can't ignore it, which leads me to check code like multi-step SQL operations frequently.

bluebird • Edited

I tried a stupid SQL operation to add user data (such as gold coins), and then add the number of user operations in the database. Sorry, not my open source code.

Vlastimil Pospichal

Use complex SQL or transaction.

bluebird

Yes. So I was stupid at the time. But sometimes I can't use an SQL transaction, because maybe I am calling an external API or other operation.

Vlastimil Pospichal

This is not a PHP vulnerability. This is bad manipulation of the database.

bluebird

Sorry, I may have misunderstood the title. But if you only mean PHP-specific vulnerabilities, it should only be file include bugs and some PHP internal implementation vulnerabilities.
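
The multi-step balance update discussed in this sub-thread, as an added example that is not code from any commenter: two interleaved requests lose an update with read-then-write, while a single conditional UPDATE (the "complex SQL" suggestion) does not. The `users` table, its columns and the function names are constructed for illustration; it assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed schema: one user with 100 gold and an operation counter.
function freshDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, gold INTEGER NOT NULL, ops INTEGER NOT NULL)');
    $db->exec('INSERT INTO users (id, gold, ops) VALUES (1, 100, 0)');
    return $db;
}

// Racy pattern, step 1: the balance is read into PHP.
function readGold(PDO $db, int $id): int
{
    $st = $db->prepare('SELECT gold FROM users WHERE id = ?');
    $st->execute([$id]);
    return (int) $st->fetchColumn();
}

// Racy pattern, step 2: a value computed from a possibly stale read is written back.
function writeGold(PDO $db, int $id, int $gold): void
{
    $db->prepare('UPDATE users SET gold = ?, ops = ops + 1 WHERE id = ?')->execute([$gold, $id]);
}

// Atomic pattern: the balance check, the debit and the counter bump are one statement,
// so the database serializes concurrent callers instead of the application.
function spendGold(PDO $db, int $id, int $cost): bool
{
    $st = $db->prepare('UPDATE users SET gold = gold - ?, ops = ops + 1 WHERE id = ? AND gold >= ?');
    $st->execute([$cost, $id, $cost]);
    return $st->rowCount() === 1; // 0 rows changed means insufficient balance
}

// Two requests interleaved by hand: both read the balance before either writes.
$db = freshDb();
$a = readGold($db, 1);
$b = readGold($db, 1);
writeGold($db, 1, $a - 80);
writeGold($db, 1, $b - 80);
echo 'read-then-write: gold=', readGold($db, 1), " after two spends of 80\n";

// Same two spends through the conditional UPDATE: the second one is refused.
$db = freshDb();
$first = spendGold($db, 1, 80);
$second = spendGold($db, 1, 80);
echo 'conditional UPDATE: gold=', readGold($db, 1),
    ' first=', var_export($first, true), ' second=', var_export($second, true), "\n";
```

When the steps cannot be collapsed into one statement, the same check has to be protected by a transaction with a row lock (for example `SELECT ... FOR UPDATE` on databases that support it) rather than by application-side reads.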

Boris Jamot ✊ /

Bad developers.

Alex Siman Author

Yeah, I have noticed that PHP attracts a lot of newbies because of how simple it makes kickstarting web development. That was especially the case somewhere around 2006 to 2010, in the era of LAMP stacks.